l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
September 2: Social gathering
Next Installfest:
TBD
Latest News:
Aug. 18: Discounts to "Velocity" in NY; come to tonight's "Photography" talk
Page last updated:
2002 Oct 06 11:23

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] possible rooted system / checking md5sum on debian
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] possible rooted system / checking md5sum on debian



hi mike,

yah, i'm using integrit, but i really need to pare down what gets
checked; the reports are next to useless since there's no way in hell
i'm going to read the whole thing.

currently, i scan the output for binaries and wierd stuff like "..." or
".pfloyd".  but often, the output is just so long that it's a token
scan.  not a concerted look.

just need to find some time to spend with my integrit config files.

actually, if anyone has played around with integrit, and has some
custom config files, i wouldn't mind taking a look at what you have.

btw, integrit is an open source version of tripwire.

but as you point out, it prolly doesn't do me much good at this point.
i have no idea when their breakin happened.  only when it was
discovered.  :-(

pete




begin dugan@passwall.com <dugan@passwall.com> 
> Not a direct answer to your Q, but related.
> 
> After installation of packages, AIDE or tripwire can help to check for
> file mods with md5 This does nothing for checking the package before you
> install it though. :-(
> 
> I dont know of a system to check for MD5 sums of all debain packages and
> verify. There have been discussions about how to have cert signing of
> packages, but who would be a central authority to sign packages? GPG
> might allow for a decentralized, distributed signing system, but it has
> drawbacks too. :-(
> 
> In some ways, MD5 is not as secure as gpg signed packages, but imagine
> the keyring!
> 
> Sorry I dont have an answer for you, but I would like to see what other
> people say.
> 
> -ME
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Appahost Applications
For a significant contribution towards our projector, and a generous donation to allow us to continue meeting at the Davis Library.